CLAIMS 

What is claimed is: 

1. (original) A computer-implemented method for verifying at runtime an invariant
property of a data structure of a computer program, comprising: 

automatically generating a first code segment that verifies a runtime value of the data 
structure is consistent with the invariant property in response to an annotation of the data 
structure that defines the invariant property of the data structure; 

comparing the runtime value of the data structure with the invariant property during 
execution of the program via execution of the first code segment; and 

performing a programmed action if the runtime value is inconsistent with the invariant 
property. 

2. (original) The method of claim 1, wherein the invariant property is a range of data
addresses and further comprising verifying that the runtime value of the data structure is 
within a range of data addresses specified in source code of the computer program. 

3. (original) The method of claim 1, wherein the invariant property is a range of data
addresses and further comprising: 

automatically generating during compilation a valid data address range including an 
upper bound and a lower bound for the range of data addresses, wherein the source code of 
the computer program does not include a specification of the upper bound and lower bound; 
and 

verifying that the runtime value of the data structure is within the valid data address
range.

4. (original) The method of claim 1, wherein the invariant property is a range of instruction 
addresses and further comprising verifying that the runtime value of the data structure is 
within the range of instruction addresses specified in source code of the computer program. 

5. (original) The method of claim 1, wherein the invariant property is a range of instruction 
addresses and further comprising: 

automatically generating during compilation a valid instruction address range 
including an upper bound and a lower bound for the range of addresses, wherein the source 
code of the computer program does not include a specification of the upper bound and lower
bound; and 

verifying that the runtime value of the data structure is within the valid instruction 
address range. 

6. (original) The method of claim 1, wherein the invariant property is a range of data values 
and further comprising the step of verifying that the runtime value of the data structure is 
within the range of data values. 

7. (original) The method of claim 1, further comprising communicating the invariant 
property from a compiler to a code generator. 

8. (original) The method of claim 7, further comprising storing the invariant property in a 
symbol table. 

9. (original) The method of claim 8, wherein the invariant property is a range of data
addresses and further comprising verifying that the runtime value of the data structure is 
within a range of data addresses specified in source code of the computer program. 

10. (original) The method of claim 8, wherein the invariant property is a range of data 
addresses and further comprising: 

automatically generating during compilation a valid data address range including an 
upper bound and a lower bound for the range of data addresses, wherein the source code of 
the computer program does not include a specification of the upper bound and lower bound; 
and 

verifying that the runtime value of the data structure is within the valid data address
range.

11. (original) The method of claim 8, wherein the invariant property is a range of instruction
addresses and further comprising verifying that the runtime value of the data structure is 
within the range of instruction addresses specified in source code of the computer program. 

12. (original) The method of claim 8, wherein the invariant property is a range of instruction
addresses and further comprising: 

automatically generating during compilation a valid instruction address range 
including an upper bound and a lower bound for the range of addresses, wherein the source 
code of the computer program does not include a specification of the upper bound and lower 
bound; and 

verifying that the runtime value of the data structure is within the valid instruction 
address range. 

13. (original) The method of claim 8, wherein the invariant property is a range of data values
and further comprising the step of verifying that the runtime value of the data structure is 
within the range of data values. 

14. (original) The method of claim 8, further comprising storing in the symbol table one or 
more code addresses associated with one or more updates to the data structure. 

15. (original) An apparatus for verifying at runtime an invariant property of a data structure 
of a computer program, comprising: 

means for automatically generating a first code segment that verifies a runtime value 
of the data structure is consistent with the invariant property in response to an annotation of 
the data structure that defines the invariant property of the data structure; 

means for comparing the runtime value of the data structure with the invariant 
property during execution of the program via execution of the first code segment; and 

means for performing a programmed action if the runtime value is inconsistent with 
the invariant property. 

16. (new) A computer-implemented method for verifying at runtime an invariant 
property of a data structure of a computer program, comprising: 

determining an invariant property of a data structure from a source code specification 
of the data structure and an associated specification of the invariant property in the source 
code, wherein the specification of the invariant property defines the invariant property 
without checking whether a variable used with the data structure is consistent with the 
invariant property; 



generating from the specification of the invariant property a first executable code 
segment that determines whether a value of a variable used with the data structure is 
consistent with the invariant property; 

determining during execution of the first executable code segment whether the value 
of the variable used with the data structure is consistent with the invariant property; and 

performing a programmed action in response to the value of the variable being 
inconsistent with the invariant property. 

17. (new) The method of claim 16, wherein the invariant property is a range of data 
addresses established during compilation of program code that instantiates the data structure 
and the step of determining whether the value of the variable is consistent with the invariant 
property includes determining whether the value of the variable is within the range of data 
addresses. 

18. (new) The method of claim 16, wherein the invariant property is a range of data 
addresses and further comprising: 

automatically generating during compilation a valid data address range including an 
upper bound and a lower bound for the range of data addresses, wherein the source code of 
the computer program does not include a specification of the upper bound and lower bound; 
and 

determining whether the value of the variable used with the data structure is within the 
valid data address range. 

19. (new) The method of claim 16, wherein the invariant property is a range of 
instruction addresses established during compilation of program code that instantiates the 
data structure and further comprising verifying that the value of the variable used with the 
data structure is within the range of instruction addresses specified in source code of the 
computer program. 

20. (new) The method of claim 16, wherein the invariant property is a range of 
instruction addresses and further comprising: 

automatically generating during compilation a valid instruction address range 
including an upper bound and a lower bound for the range of addresses, wherein the source 
code of the computer program does not include a specification of the upper bound and lower
bound; and 

determining whether the value of the variable used with the data structure is within the 
valid instruction address range. 

21. (new) The method of claim 16, wherein the invariant property is a range of data 
values and the step of determining whether the value of the variable is consistent with the 
invariant property includes determining whether the value of the variable used with the data 
structure is within the range of data values. 

22. (new) The method of claim 1, further comprising communicating the invariant 
property from a compiler to a code generator. 

23. (new) The method of claim 22, further comprising storing the invariant property in a 
symbol table. 

24. (new) The method of claim 23, wherein the invariant property is a range of data 
addresses and the step of determining whether the value of the variable is consistent with the 
invariant property includes determining whether the value of the variable used with the data 
structure is within a range of data addresses specified in source code of the computer 
program. 

25. (new) The method of claim 23, wherein the invariant property is a range of data 
addresses and further comprising: 

automatically generating during compilation a valid data address range including an 
upper bound and a lower bound for the range of data addresses, wherein the source code of 
the computer program does not include a specification of the upper bound and lower bound; 
and 

determining whether the value of the variable used with the data structure is within the 
valid data address range. 

26. (new) The method of claim 23, wherein the invariant property is a range of 
instruction addresses established during compilation of program code that instantiates the 
data structure and the step of determining whether the value of the variable is consistent with
the invariant property includes determining whether the value of the variable used with the 
data structure is within the range of instruction addresses specified in source code of the 
computer program. 

27. (new) The method of claim 23, wherein the invariant property is a range of 
instruction addresses and further comprising: 

automatically generating during compilation a valid instruction address range 
including an upper bound and a lower bound for the range of addresses, wherein the source 
code of the computer program does not include a specification of the upper bound and lower 
bound; and 

determining whether the value of the variable used with the data structure is within the 
valid instruction address range. 

28. (new) The method of claim 23, wherein the invariant property is a range of data 
values and the step of determining whether the value of the variable is consistent with the 
invariant property includes determining whether the value of the variable used with the data 
structure is within the range of data values. 

29. (new) The method of claim 23, further comprising storing in the symbol table one or 
more instruction addresses at which respective updates are made to the data structure. 

30. (new) An apparatus for verifying at runtime an invariant property of a data structure 
of a computer program, comprising: 

means for determining an invariant property of a data structure from a source code 
specification of the data structure and an associated specification of the invariant property in 
the source code, wherein the specification of the invariant property defines the invariant 
property without checking whether a variable used with the data structure is consistent with 
the invariant property; 

means for generating from the specification of the invariant property a first executable 
code segment that determines whether a value of a variable used with the data structure is 
consistent with the invariant property; 

means for determining during execution of the first executable code segment whether
the value of the variable used with the data structure is consistent with the invariant property; 
and 

means for performing a programmed action in response to the value of the variable 
being inconsistent with the invariant property. 
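
The following C sketch is an added illustration of the method of claims 1, 3 and 16; it is not part of the claims or of the applicant's specification. The macro `DATA_ADDR_INVARIANT`, the names `cursor`, `samples` and `cursor_set`, and the choice of programmed action (log, count and reject the update) are all assumptions made for the example; the preprocessor stands in for the compiler and code generator.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Programmed action (assumption for this example): log and count it. */
static unsigned invariant_violations;
static void on_violation(const char *name, uintptr_t v) {
    invariant_violations++;
    fprintf(stderr, "invariant violated: %s = %p\n", name, (void *)v);
}

/* Annotation (hypothetical macro). It only declares the invariant
 * "ptr points inside arr" and performs no check itself. From it the
 * preprocessor generates ptr##_check(), the "first code segment".
 * The lower and upper bounds are derived from the array's address and
 * sizeof at compile time, so the source never spells them out. */
#define DATA_ADDR_INVARIANT(type, ptr, arr)                          \
    static type *ptr = (arr);                                        \
    static int ptr##_check(const type *candidate) {                  \
        uintptr_t lo = (uintptr_t)(arr);                             \
        uintptr_t hi = lo + sizeof(arr);   /* one past the end */    \
        uintptr_t v  = (uintptr_t)candidate;                         \
        if (v < lo || v >= hi) { on_violation(#ptr, v); return 0; }  \
        return 1;                                                    \
    }

static int samples[8];
DATA_ADDR_INVARIANT(int, cursor, samples)

/* Every update to the annotated variable goes through the generated
 * check; an out-of-range value is rejected and the old one is kept. */
static int cursor_set(int *candidate) {
    if (!cursor_check(candidate)) return 0;
    cursor = candidate;
    return 1;
}

int main(void) {
    printf("in range:   %d\n", cursor_set(&samples[3]));
    printf("past end:   %d\n", cursor_set(samples + 8));
    printf("violations: %u\n", invariant_violations);
    return 0;
}
```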